password

Is the End Nigh for the Password?

How many times have you felt yourself succumbing to the ‘password rage’ when you’ve had to click the dreaded ‘forgot my password’?

Let’s face it passwords are just a pain and if you’re responsible for IT security you’ll know that alone, they aren’t secure enough to protect your network or company resources. According to SecureAuth, 81% of data breaches involved the use of weak, default or stolen credentials. Organisations will often try to minimise this risk by requiring more frequent password changes, much to the frustration of the user and the increase in helpdesk resource requirements. It is evident that the conventional use of passwords is no longer a sufficient manner to protect your company’s corporate data.

The time is now to look to alternative methods of authentication.

According to IT departments they are dealing with a password reuse epidemic. For 25-34 year olds, the average number of accounts registered to the same email address is 40 and shockingly on average those users only had 5 different passwords for those accounts. It’s not surprising therefore that hackers will go after any user who reuses the same password across multiple accounts. Quite literally we’re offering hackers our credentials on a plate. If an attacker steals your password for a site where you have no private information, that hacker potentially has the key to unlock the sites to where your most valuable information is stored. If that site happens to contain banking information, for example, you’ll have got yourself into real trouble.

Whilst many organisations will look to two factor authentication (2FA) as a viable alternative it is simply not enough to protect your corporate data. The wealth of personal information made available publicly by social media sites means that knowledge based security questions and answers can easily be engineered by hackers. Similarly, one-time passcodes (OTPs) delivered via SMS or email can be intercepted and are no longer deemed to be a safe method of authentication by the National Institute for Standards and Technology. With 81% of hacking-related breaches involving stolen or weak passwords that cannot be prevented by network or endpoint security it’s time to look beyond 2FA authentication for access control but what is the best solution?

Let us introduce you to passwordless authentication from SecureAuth. This multi-layered risk analysis checks devices, IP addresses, location, typing sequences, and access rights coupled with more convenient 2-factor authentication methods and flexible authentication workflows. If that isn’t impressive enough passwordless authentication doesn’t get in the way of employees trying to do their jobs and is more secure than single or second factor alone. To top all off that off it can also save you money as the elimination of passwords can save each user three minutes a day, which adds up to millions of pounds in labour cost savings.

Resources:
https://securityintelligence.com/reduce-reuse-recycle-except-for-passwords/
https://www.secureauth.com/